hxxps://www[.]dropbox[.]com/scl/fi/yd5n8xmx79tyxw6w6dfan/ADOBE-MEDIA-ENCODER-2020[.]rar?rlkey=l23bljhlu68yfqwocqx3uz0r5&e=2&dl=0

Analysis

max time kernel
510s
max time network
513s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 02:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/yd5n8xmx79tyxw6w6dfan/ADOBE-MEDIA-ENCODER-2020.rar?rlkey=l23bljhlu68yfqwocqx3uz0r5&e=2&dl=0

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
1984	winrar-x64-701.exe
6088	winrar-x64-701.exe
1212	winrar-x64-701 (1).exe
180	winrar-x64-701 (1).exe
1940	Set-up.exe
3356	Set-up.exe
5836	Set-up.exe
4004	Set-up.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
5228	1940	WerFault.exe	178
5212	3356	WerFault.exe	181
5792	5836	WerFault.exe	185
5396	4004	WerFault.exe	188

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{1EB71033-BE87-496E-897C-BFE430AD3E2F}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 639953.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 751840.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 220675.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 58076.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
2732	msedge.exe
2732	msedge.exe
3644	msedge.exe
3644	msedge.exe
3152	msedge.exe
208	identity_helper.exe
208	identity_helper.exe
5276	msedge.exe
5276	msedge.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe
5820	msedge.exe
1368	msedge.exe
1368	msedge.exe
5816	msedge.exe
5816	msedge.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe

Suspicious behavior: LoadsDriver 14 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	5604	7zG.exe
Token: 35	5604	7zG.exe
Token: SeSecurityPrivilege	5604	7zG.exe
Token: SeSecurityPrivilege	5604	7zG.exe
Token: SeDebugPrivilege	3664	taskmgr.exe
Token: SeSystemProfilePrivilege	3664	taskmgr.exe
Token: SeCreateGlobalPrivilege	3664	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe
3664	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
1984	winrar-x64-701.exe
1984	winrar-x64-701.exe
1984	winrar-x64-701.exe
6088	winrar-x64-701.exe
6088	winrar-x64-701.exe
6088	winrar-x64-701.exe
1212	winrar-x64-701 (1).exe
180	winrar-x64-701 (1).exe
1212	winrar-x64-701 (1).exe
1212	winrar-x64-701 (1).exe
180	winrar-x64-701 (1).exe
180	winrar-x64-701 (1).exe
1940	Set-up.exe
1940	Set-up.exe
3356	Set-up.exe
3356	Set-up.exe
5836	Set-up.exe
5836	Set-up.exe
4004	Set-up.exe
4004	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 5044	2732	msedge.exe	82
PID 2732 wrote to memory of 5044	2732	msedge.exe	82
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3744	2732	msedge.exe	83
PID 2732 wrote to memory of 3940	2732	msedge.exe	84
PID 2732 wrote to memory of 3940	2732	msedge.exe	84
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85
PID 2732 wrote to memory of 60	2732	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/scl/fi/yd5n8xmx79tyxw6w6dfan/ADOBE-MEDIA-ENCODER-2020.rar?rlkey=l23bljhlu68yfqwocqx3uz0r5&e=2&dl=0
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffde42446f8,0x7ffde4244708,0x7ffde4244718
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2780 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2120 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1368
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1984
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8112 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5816
- C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1212
- C:\Users\Admin\Downloads\winrar-x64-701 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13342874373354123984,18305303809372835103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:2980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x2f8
1⤵
PID:792

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5431388d25334652ab59c5c34aa499ea /t 4364 /p 6088
1⤵
PID:4464

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c1c5b759411341a2b49a30c25ff06fe2 /t 5892 /p 1984
1⤵
PID:3508

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0e227e8c97eb42079de93ec8cd586483 /t 5920 /p 180
1⤵
PID:744

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\86e707dca83d4f5b947da4d7c55d8e6e /t 5500 /p 1212
1⤵
PID:4360

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5356

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\" -ad -an -ai#7zMap17216:110:7zEvent17032
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5604

C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe
"C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 2492
  2⤵
  - Program crash
  PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 1940 -ip 1940
1⤵
PID:5508

C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe
"C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 2228
  2⤵
  - Program crash
  PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3356 -ip 3356
1⤵
PID:5680

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3664

C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe
"C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5836
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 1656
  2⤵
  - Program crash
  PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 752 -p 5836 -ip 5836
1⤵
PID:3512

C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe
"C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe"
1⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4004
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 2172
  2⤵
  - Program crash
  PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 4004 -ip 4004
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\AME_14.3.1_win64\config.xml

Filesize
534B

MD5
2bf9f831e68bc1c40aa7ad9456f0dd64

SHA1
5f0169ed2ce46b27eeadb985c57c7ae9f80bf90a

SHA256
7c4bb24e29837f106919240be87763ff102c66c48875164cbdf263093ca91fc5

SHA512
6a53b2bb18f85f248d58f6b76d09f4a6f73433fefba719c7afa8221c1d0769e98f8b9e37d61319d030f63ae7909e987313d495fdc67de35fbfb4270beb3e7aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
233KB

MD5
b9872c95466590c3d1dd1f28637d63a3

SHA1
abedef856babf7cdf31dde18be0b4d0ac342433f

SHA256
9ae687c6968d0662954246a8ffd63ce12f56667d3e830c139f96c8bbeec4b05b

SHA512
b966b362efae03708cc29a85e814adc99eb40e7aab6e84514e5b933d090457acac36efe8724db8c2359dc11902920e2a1e04d03ab5ea2b87e5e5f19d342f008c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
67KB

MD5
9e3f75f0eac6a6d237054f7b98301754

SHA1
80a6cb454163c3c11449e3988ad04d6ad6d2b432

SHA256
33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf

SHA512
5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
41KB

MD5
b15016a51bd29539b8dcbb0ce3c70a1b

SHA1
4eab6d31dea4a783aae6cabe29babe070bd6f6f0

SHA256
e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a

SHA512
1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
1.2MB

MD5
874b361adbc012383cb85dec3b1eec7f

SHA1
d2369916a35e5560153057934ab928ed37d60b20

SHA256
2a3e989c7a1b8eb9050f30eedfe0f099768aef2396306a221bab2ea4dc680e6b

SHA512
f724c8416960f616ed616ac814d146f68affc09d903ee3fad0c48af2749efebf22d2963196fd72f587b9afe985e2275f2dbab83e1c5ce35d7d6e80a8ce96140f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
33KB

MD5
d2c299586fe5d9ba67694f9721a4d1cf

SHA1
72d4d8c3f08034c3c14a4bf04b51854b38ae970d

SHA256
a245918f09af8647f24313833134d3ddbfe2a282aaf34a06216b49f6faa73873

SHA512
47315588220ec8ca7d10ac83c7e2eac41f5788b49299e8bd06549b21641e1c8333f2f1c19a17722987ebd563d2abd1a82985184b00aee283b3b75d4bc38210e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
261KB

MD5
f52acfd2430b4cedd65f99b8f21b1676

SHA1
64f019049e45aac47706cc33d90b9058154512ff

SHA256
7eaf4f599cd97991a9e108bfa9abd1536ce11b8a31c4a056590d359966956a64

SHA512
03ef4223b349ff52fc162fe024da0a0c25db8fe0e31c37a79ceb1f7ea0ad252c0c90bf2f971060d2686f61a00c495a4a96fbe44cf6c7c2f8596b71c959c93bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
30KB

MD5
888c5fa4504182a0224b264a1fda0e73

SHA1
65f058a7dead59a8063362241865526eb0148f16

SHA256
7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715

SHA512
1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ef9beb3b1cea6e64d9c66147142690d3

SHA1
5b4320dd14e27835e92d1c86a1f8ceeca4c39ed2

SHA256
238d0a9f2b7eb91b84fba48dcf1bf50fcefb00fa85d2d909e2dfd8f1afed2557

SHA512
92b4838c0c7bcc6a663b30338a59ab02450482104c11f2fc6e0aa69cca536a0590490ae1f9bca90930d0d72f536dfbb13f4dd3503aee1995aa0a276d5d89348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
383b55545f7390428b5c93b3442e1d39

SHA1
8c6c5b26337d68327f30fb90f26dfab1834e0f0d

SHA256
cc19df812a11dfd442b61765327834b9d1ac555d71f3d36d08e3bfd3a8f175eb

SHA512
5a14c2d770e2c312c7c5ba8047b827bbf392d13b8dc007fa8b407a90b16966b4a1636cca8bc720ce5bdafabd99d4e6113807c4d073d80aec0ff459c8211825b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
252832a920dc8c66eaac5d7734c4a011

SHA1
620a5011b65b59f1b446ccd5ebf4b3a87c1e36cd

SHA256
29556eae4f8ace8479f205b1f8bfcbfbc482d950dd5206c62e8caf54cfbc3356

SHA512
3d731d47250cbdf26441745a516a9c973f8624c74ada30dc59394c5ce57104b02af633b062fa0b9cd7ffae765dc0911e9f534239e86e435e66c973393a95772f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
a3a768003af9131f5b4d05100f5f598b

SHA1
ad9fd0935d81ca0e3d8638436a8d65bd27f5adad

SHA256
727415d646be40518c9afff894bf8629780640d5e0e492cfff4b353b2499ee64

SHA512
299b52ab8145b1c7a0d813324f813f8a83b3278b702e617519a821ed8f17da8c6c3f1e1e10792250813a8f0627e38782ef0d61ae86b44b28b64e385f63a19096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cc3b40a80f3189209a5d74944896cb39

SHA1
ee4817722739531d710d989ff908f5700b8474d2

SHA256
bd20093d73011f406827753d1b3c9e715914aa017a76b7f34960fe917e3dc2b2

SHA512
fa7c3c8d11de4f43f05a93d756bdd0c8fc3a174a15ac31789b37fed8f7e95e6c6e847ad4be5cc8d76845f0b736b2659f745fa3769c952959231c189c441745c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3ffb8c0814887bb2afed6d5f62825f44

SHA1
479d9a775eff759d6f04d728bcae659534977945

SHA256
1d6e33bc02045f18d6ce90e25b86a0b4f4aab563d998e833abbddd146165efef

SHA512
c407c43aebf218591dbe373a95a7d572e32cd1b5bf54f79e6df13ab845dba79c51ca8e4c5a651231e7c365ff1cf2a7c899b178424a547bcc7128d580bf1d3f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b458ec91da2493ab2ffa3a1d3c18e98

SHA1
b32cc6c604ad49fc4c5cd9c58ac58c46f350c96f

SHA256
6265b2e59c84fb6703d8ef801fd9b323dff28fa441bc7633efffdb9352a6d2d6

SHA512
35f6a53215b55876223f71edfe6c34125072d79d6bc35aaf97a37f535be789e9505bd057bab725a1807c2bebb1268245655b2cceedc3607e57f476483f7cfe0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
70fc88e0b6e583cdfe163c41d9aee880

SHA1
dc78b4de2fc9fb59f28636028a315e4da9215fcb

SHA256
3e2f4f6c713e8f88d1672aa97b4250ee763f5c4bebb41477c20dc6432a955508

SHA512
d4c8305e6dae09dff3f8bce1fc9fecef049edf4176a37bdf72285605982782ffdb4e97f9887c1fbd8908b7d13c572ef95043d4e4624c23b6c297b97f71fa76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f0bce6c660d7caa5d3b27de16f27a6fc

SHA1
aa16d1b1eb6d544f6aa16f7d6a003913d048fd1e

SHA256
d29e8e4d1d0f212e93ed9f145523ab4a5cc6f3f3a1e37c177a0e4ea7d7882f6c

SHA512
a49db244a9c32b5a822733c58a8c6100727bf55e5dc862c2418e56dca4830dd0b37ea2581a90bbbd61b00ec33ce7912cfb1fe3deaf3040371ce7c5a3682f3220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7d439ad21f59e342150a07de59dcec95

SHA1
3d2390ca6e1f76a0d519dfe1cbce3095bdd3b561

SHA256
3009b93ac8a7f867a20c4b75b8f40d4eb3e240664e67838ede11a0963458bfee

SHA512
d87c011cd06096325198e3e63d5db45e1682f5e00a8b9a7c83f4a59ddb6cd22ae8ed1d76903cbadf2698810d3704d10af6a108370e5495ebc55b55e6b706fe05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e68ca7e00b6375c38e7b8e07e56e5d4

SHA1
b369c3199218b7f63d369d38e953eab114b797c3

SHA256
59312f0fba81926a900cb604dfd360291ad4533c7e2362ecd805268458c7f4f8

SHA512
159e6aaadd4a15ecbb531e53c3e7bf28463c7d268f036ab035215bac799b55ffda430e3c4a4c7c0008cb1013c030bde86ce35d3554c2101365640a62a0f02650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d5f795c852004eea7f5080f8525cb14

SHA1
544a8b48ec9b5120dc92e1e2b554a4f66260ed9e

SHA256
2213b3b3c9413726183cc1df6287c0bd2527f2877555bfa56fb6bee012427c41

SHA512
4fa5a6e400c4c9c515c183abb6f1aac49e782f5ba17de8bebee73a830115f872ef6a4b8e66d29e5d2fc618733ffc36cc9b28373f9a6d8e463a64c5a2a0be3a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b867eaa407d621a24ac8f8a72ead1dd

SHA1
739c007055e236e5939652a9c2d4af53f68bde9e

SHA256
af6e646ea647dec98f1123c5a4838d681e0b0c25d1ed7810021f5397f80e8650

SHA512
8eace783a61176877cef35e4c59e93593d82b99e53873a9b2f79d588cb2f8e1e5116afee9d9edcc310591baf7a4d341256c479ccaa2959bf0a2ff7de9ba87692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
89f7b41590cb95c5c71b2dbae5ae03c5

SHA1
a17925f70ad0d7da9534def293ba6ef7c61c6324

SHA256
aa491acaff67fc920f07bfeb17560f925c6497fe50d12ccd7ca1d17a543b606b

SHA512
9e19baa29894e2e71cef400282f07ea03ff4c03c610c60e59c8cbd54f6fecb5008cfca15db11d1ef42c7b59082f3899ce5a3dc42b81bee268a2c8c5a9c922a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a986770d573675de6a5455f0fc7eb49

SHA1
48d7e4b40134468972fad312f14314509b2325a7

SHA256
843b4b8729fe1b95192302d5c4f8f7a51c3efef6ecc7361b1bb657255cdfe1a2

SHA512
cdc6878a85a8e6bf5d396387d2752a9219e44557fab6eb3fa9301916e491ec9fc4ed98a350a5e0f97e171b71f1fc3a3765bdcd4df11b2d98b54f8e31f57def1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
795b7ba3628e6f2aeeaefccd0605d0df

SHA1
7c3804972c71ad546111d6f7eb41f82d6716e5a2

SHA256
193c24128fb56fb2d449cc95ce441e63a1072b1db958335b07be319d88a1e030

SHA512
8e9cbeee7f764e058aacdad8d24ca5b058055bf4cd6c536b5e1d71f9d87225abf941704413aa432f6c590da6b37cd0ba4383c12111449ae9d2ba41a8c1fe617c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5357a5e7134a9da2f5ba1b1de90e1d98

SHA1
5424a6705cc4dcec130a398c43ac8cfa6ff318a4

SHA256
d955083f375ba8d40d88b4ad3327ecbb7999d2f320354f41532f3dcd0754a981

SHA512
3841282114bf2898c715302bb048223cca71578e743d86954524ad78837718e6f9f7a556f7809b9e5963a88b200a854546b305dbe9c48970af7359119e24ee7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b27688bc5e680ad10acb767b7c8eb33a

SHA1
b15633af8cf394a3bb8ee02923dc9ce5c2715222

SHA256
cbdc54943ebe4eac0780415221206a9a8d65e399ca2382b02c4ebcaefb87f690

SHA512
dfd0e13fc7e6366548136e59acd9007949d15e45495d0f7070eba4f923c4d1576262a8ff3b270505d68a4afc77cec05a111cc9079c8c1e576c4810fb9a7384b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ef51576fa40ebb1f36f6f2f72f05d90

SHA1
53e5fa0c95ea823b3b81afc6390ec46c46b0c675

SHA256
c7c4460d40e6fedc40789198637014c7d4191cd35cd146b79f38024e04ed50ee

SHA512
ecbf78abb446e4ede58976e0d71e63525deda48768fad1672d3e2c46cc3c0d9dee6f04a58ad8191c529b1b6b7f86158839ffff437e6960c154ed25904f1b6cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
68862c45860160cdf83c0c8066efe2f7

SHA1
f9f1d2646bca6d4e0e309979b487844216dff2f6

SHA256
db182b4408f7d1ca1dd3e735afcb11823279e45cbc59ca01bdf4204050e5ef18

SHA512
0e25a44b667f3467b61090d677aeaa02c787158192a87c7cee8278e3d8b1c30434820d2eeb4b4d263ef87622c8ccf459ce77de97569a0db212eb57c4021dc2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
027606d89f5c328257be0e6cf4af2d2d

SHA1
3cec01b18ce08fe36dfeafbf333cd7c82c31f476

SHA256
462ea7a67951b4663d5722a7310e5f34fb97ec2e1a086b8a71cd7ee3c1a1bdb9

SHA512
6929f180c1af8de675873ccacf2f465caf9bbc2b78652a1f7eb9afa8071e56d6eab78ddb8d6a153c9890f00ac716833c94364aaad14c069566d2fd9068301105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60f0053d64810a06513dd5bebf8fda2f

SHA1
4a622ed78800144be3e155275949451035a682e4

SHA256
cc10c660e055ab68b190f245bca7c17c2cb4b42227cd4508fcc9423569d180ce

SHA512
d467dbbf306a50e628f42a9a8bd76a63720ea9f1277936560f69201f93fde171ea550060b7a0a83d934d9f9e923109f4d70de98278448d3ef37358a2e9312d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5940e4e079a3e41814972b062e0cbe36

SHA1
cb66617c9958b21af9316ddafb15b93458e8fa50

SHA256
264103294dc6ea6024fe77f991ecc1269ee07e7e8a4c414bfc886d747a569a56

SHA512
744f34b2c0164a2922be290fdb92efb5d27e814a173bc09c8b984b4898ba6b8ed36301117cc46dff76cb685cce25131069126008c6524422e8c003ccce922f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac5d30cc6b8a3db83f74c23e92a84b62

SHA1
8c0d0fcf6be42b67c08a6b1b00d7512b73143f5d

SHA256
a02429b35a069d4a2a858d6bb1890c9820be8f6ff23bb4eb8c7e5a688972e85a

SHA512
1c9779a15eb1c68c8a785190f50314e719d738168e44a669f510598807a6903c92bb0736e5f0f02c96e2173d706b5a20952b4986fb88344f17a22e8cab3955ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ebb38d78d9099e21ea74c1c27a7fac3

SHA1
432a44bb95671e5483996e13afa0ade877c5eb39

SHA256
5db4f2244edbeeaaad481492835bb200f12a39c81744260f240a24a6ce75581c

SHA512
33526486a991d749b0a4551bb24649b0f40f826687d4828688065ab74e2b3e14d8b4b62792557af70922e755b7090c9d0fbe87e5f2e6a95fc65b49c8e24bc310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13b36dac33cf840ea868e95d13404791

SHA1
481422252476100f7a4fa52e774fb56290bb2809

SHA256
b8f9101226084ea66d7f3e076072f91675b3be48f7b90861d239fa32b7af94f7

SHA512
4bf845a55ae0020c94f26b1286c4f158ea2a6a04c7c2844ec90c4bd494245b7ef02b47061ef8e7237edab960fa8273e47b9f9648f4c7c37efcc46c8a65a55edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd77a5926a0eb29414bfe62ca136838a

SHA1
407e269d38b7b801cd3481c956e09564091a1825

SHA256
09e75f3ad2699b6fd862330348e5ae72ca7aa85f47c768deaaba4f1eaf5e0858

SHA512
e453b51439cc63d67d49a87142ac759bb2054d17c2cee38d94a9d1bc6b9cf3747e87d4b60793a82400abae714c00a8d899ac5159e0d86744ee99d8355807fd1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
184424dd7d6e6d933b44e09049cea9d1

SHA1
09575d06b44c88ad0ac40aede150fbadbb8ff04c

SHA256
006eb9b0d6d0f3adb9707320949025d9c85627716175523b455e9063ff6a56e6

SHA512
a674665341ada117c6e7aef78aadcc110bca582f24a98cb60367b6b499b3816b57e030f51df328dd5bc6c5c5e1fc6a65a40d85740968d30c9aa0f3bf8c690b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
055f3f18bb7dd1083ca597937f770793

SHA1
4a36295f1c4ec7275282dcac3ec1f69ff3cc5a54

SHA256
8915fcb7ecc716bac41af8cac32ffffbe88cde2ed0ce9b04e00ab07058951149

SHA512
22c55cda105754d361520888125ed3cb1e218890181d61150cfeae30dbef1e586302a1b48342c4af3ad7a1193c962d88ff9ca1abca0ee1e98e4e8d5dbfc83d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8fb7d7479547029331cb22af15f3816

SHA1
6b81f2034230e1c0ab42fa17a7f4df20f66812e9

SHA256
abe71e869332de66140e85b84c26d156d901b99784f5ce43b1e1fefc2649d48f

SHA512
b6fb1205be7387520f8b2235ec48dd040146be402170c6decd3fa71a3c14003e89c5c13861abf652e409054fb348eb8c89f54a8431685c1276ef6dcc5b441e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1a0a7247356a146214a37cfe4691426

SHA1
a0243fe620a573d8b396767915a00653209aa65c

SHA256
191d57fc7184121bf2faa4620ff00fbfad77482b54c216c719e3c50bc26389b7

SHA512
7aab652b346491b9c3016aeddda541c2e3a210e4cd95bd16f24306a90a342923e7f0b99fb483ce138fd478cc2280bd2b993872682a3c60341961586b53c53415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
733b0506f7c14b12304bebc72d6c8da1

SHA1
ae59895bd2d9af09b4dce8bd962072b2e2a6991a

SHA256
c2a812dc9780ddea4611b31cfca214bbfedea5af00f5c9f704d3660ce513c630

SHA512
af6cecee83e6d0d216006ec557453576e96cece5202035c73b33adc014896fc95f3fe452e203b45b1bfb7e30b39aefcabad4001509ce4d2e0155cc4e9f3b4adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5aa8214ec666a1e991f65592756ab097

SHA1
f50d4b04093c3636813a6c34cc90f69d9dc6d2eb

SHA256
27e7ab6dddc18120bfaf7690674ac225f655de8ba1eaaa75c0a3470c6cefe2cd

SHA512
85e03245a6f7002b466b841cb39143ad181eccae3fbe3e77c58e215d422df57708707d01ca114c3358a254e49f557913dbbb4cb6a93695d875bcc75b863217ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a8e91a884f6953f5d8fc2c26a53a6349

SHA1
5e7e736f5c18d75a5f9482421bb08f0cf5cfda62

SHA256
334b2ce2849a43b6c66ae28cae2723904d770e42c0654a2d3c82f84f7706404b

SHA512
89f62dc1aa28da4ee17292ebd3f7131cdede38954c8b7fe549ead1a64d42d9f600cfef184cca36c2e2beae2fc17b2b94b15092c91f48d970d15adcbbd1ba5353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b44bc5034ef1f18de2d9e344e2efc527

SHA1
f63d5d1d1b78055b8545999e1ccadaa0a58d8b2b

SHA256
89549c56bddb5cbf046c98cebd17068316c3873d1dd32b89ceb0cfb47b910045

SHA512
0a7630c4abb95a40836805840b715b7c1a0806380f5a2fbf901c1745c9eb10f425ca25f39fa3e0dd47db8ee350dfc9d607b4d0bd4a4e6720e3544e6aa03547ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
16475c8e2703a76ecfa483f9facbe182

SHA1
c2a1029c2526951bc7b1777a0d2ef25324ea8aec

SHA256
ef76729d59e5bbe00494c5a6c551e2d2e1e4d119ebcebc53d53c26af66ddcca6

SHA512
702c3e99dfd1f7fc2a7ef310672e1906f9652577ad171aab0a95fa93a3ddc4ad867d17459e817cc99399d625bd2d5c8db58c2e7253d28b0cd1a23721837c6946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a498720a7207364b3fbc6b7b686b765b

SHA1
5eac3e47a324d428f2c9ccdfad2b35b2da3aeb9c

SHA256
b71189da3d80deba26a666dc0445f4271b6ee78a12c0dcd8efddc3830ae6287e

SHA512
9bc1bca25dac5a0e9a89d540aaff9e9cc4a88df2f3247c043011c3d6c3492e6da93501fbec950b3b5b2814da4f0e43b1d7eb4428850270fef9d1bb13013c99a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a4c.TMP

Filesize
705B

MD5
23b49c6cfa034ab95785386382f8636e

SHA1
9869209e79fd96cfda2bcdc84786f0285d457d54

SHA256
1b69a72390f96eef381bf717e41af7c35831a3da75ab4837639f6f12934ef1c6

SHA512
694cc5f2fd1ba66a442f2234a907c212530a184a35c5790d28195d860a50f09280af00dc54ee1f93f88ea05f34ca87e7d7d9e78426865d826266066b580fbe38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ae15f2cd6b5df0d479552e4583311fa7

SHA1
b6cb7413ef7e473408ed4ab4ccb5b050af831312

SHA256
3c3d403e700f956b8beab4944f8a6011338116b0a3b74ac4035d561f5021479d

SHA512
d5ef82de350041bf2fc424b3a6c85fa2caef551aaf551f0dc69171481ff02f84aeb24074969f96dd5aa344b8de6c77fce3e721c47b2e9241765b0ef5fbf979ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4866311e2958a0ade600f6971b5fd3d7

SHA1
d05b946b89111eb0caa4695f5e5a340a3a0a8527

SHA256
6e79a7015d16fc2bd5831691e8d7e58c848e81359700d956af4332403908dcdb

SHA512
7f7aa7f2c4b490af1147479f37a0fd2de0a62d6d5f64a2f7697d50b1f3293434478b11555d919163b70e9013637824ee70fa36b44d2f91b4d428346627161a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
509ad8df0cf6e6cbddf6a364b168c8aa

SHA1
cc972a73e229d8bf1a3e29a68e538178eebc2d07

SHA256
a7c5b441277278c6127bc10b1df5034d8650bc20f105be2564e3ce068a61f7e7

SHA512
f4f0cd505f6f00b076b62bf4b2d34ba83231fc852c488bbacf27d93d14668dbf9e261b42ee7c879a5834ef187436c14bb2a65b994c2f4aa9046df1c789198d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
842d0b503192223acaba7c6f15e3dcb9

SHA1
151835eddd0815b4b6c60cc3eadba4b310b3fa23

SHA256
82208aabb1421bbd541122204b0081f2345107df2176effd177ae6a5ba9dde5b

SHA512
01cd63b255e53ff66fe7c71171d3200b36d53b1502f9eafec9262be003e9ece766de1270a31c5602f98c47abf1f8b9d7e634219456132a4d25d2894ff9d35a18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ddd88988678a2da0361cbd22f7b816f3

SHA1
b89fa1f47078c10d42190f3dccb39a98de8d2aac

SHA256
865c7a449d9a2c2ed23ca21a693d512e46fd01f13a406d4e7a79444daa2b9477

SHA512
69a20fa170c6eb9e9839ebb9669b31ce1866b470a42063f70504c57038d6d666f7f81c0a98ce2920e6f1de42d0df012dab5e1976f6fc9b44befc660bd3c81abb

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat4F95.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat4FA5.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat4FA6.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat4FA7.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0DB1C79E-85D7-459F-BC83-3A78861FA7CE}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0DB1C79E-85D7-459F-BC83-3A78861FA7CE}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0DB1C79E-85D7-459F-BC83-3A78861FA7CE}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0DB1C79E-85D7-459F-BC83-3A78861FA7CE}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\images\productIcon.png

Filesize
1KB

MD5
23e9d1d0c0e3f3232ef2fc1742c9cfcf

SHA1
0ee13e9d6e13441d6f5e6a202b210540424e45bb

SHA256
12cfb1017a255a9ea49fbc968ce5fef23a9436e1523732435173ba1e11166c01

SHA512
62abf4256280aba556caaacd75e9b8c0a5dee369d1af7541d4cb2bb6e6c18b43b658445e18068a1c3561089dd267ff001eab2addc5875274fd85fa50cc08d209

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\images\productIcon2x.png

Filesize
3KB

MD5
dff6254254b03c842c56b23176527ee9

SHA1
0e5023599325af4c15a98459f4e761899eea2124

SHA256
8a5d2cba1c522c404c3cde74b131966f08b12651d0d828b24aca178c10b35808

SHA512
43fde4025df75e57fb4a6aa3f905d1b3956c4c65bf93359211276f4400e3c14ca6e4bf18bd3dffc8efa6df6ada42ce7eca93e930708d7ceb20ab0b42fc91739b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{96617758-AA6C-4B43-A0E5-03FE35F5D88B}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\Set-up.exe

Filesize
7.3MB

MD5
de70f0deed893bba56ccb78eafd59606

SHA1
f351b0c2996a3573d36deab9b6b3961876189f71

SHA256
b9a187b59c758ead0022e50bbaae4133d2e37b769a054249afc0b6aa2e26774d

SHA512
86459d1e7ba8480cf005087450d7dcf969dcd6f6fd228012d7542539ff74d72105a35b3a8d8216e1b44cdee21730a1ddb32d9b5d20073099cb4da5a56c77fc41

Download Submit
C:\Users\Admin\Downloads\ADOBE MEDIA ENCODER 2020\ADOBE MEDIA ENCODER 2020\Adobe_Media_Encoder_2020_14.3.1.39\products\driver.xml

Filesize
703B

MD5
7c4fbe43cb8e1dee2c4f346517eb5016

SHA1
6a1a788a446d08042b3a8ecd8a9540e93916853d

SHA256
5d13adfc07aa0567bf4a44109f2ed82cddc6f204787248141890cfcc9c330f6b

SHA512
c5b4e01d719a6f847ead407cca373e144da67e739ce383b99b822b53f161e40e7fa31ba0dab6c6a9da175ef1265bfb7981badcb675ef2e819f6dbc61811cec3b

Download Submit
C:\Users\Admin\Downloads\fe42d8c7-33c0-4a0c-b844-da5c72c5d82e.tmp

Filesize
1.3MB

MD5
689796a477e4d8dea393eac5f55cd230

SHA1
0848d1a4546672978a6a49bfaf9eac2a59c477d8

SHA256
90dc37f4aa2516e675994595a7b4f76ca89729de84b6f74cc3468f685ee5827c

SHA512
494838fb98d476b7a3cb13b3e0f47f312198f3db1ee7d7e67cc2c66c7a79e8966a4d30d0f42237bf82465be756d198fb570392453ade8e96e95da667b06eb991

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit
memory/3664-1944-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1952-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1950-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1951-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1949-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1953-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1954-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1955-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1945-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download
memory/3664-1943-0x000001536F240000-0x000001536F241000-memory.dmp

Filesize
4KB

Download